| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
|---|---|---|---|---|---|---|---|---|---|
| 0000066 | SKGB-intern | account | public | 2006-03-14 00:42 | 2010-03-14 21:17 | ||||
| Reporter | aj | ||||||||
| Assigned To | aj | ||||||||
| Priority | normal | Severity | tweak | Reproducibility | always | ||||
| Status | resolved | Resolution | fixed | ||||||
| Projection | none | ETA | none | ||||||
| Platform | WWW | OS | iCab | OS Version | 3.0b | ||||
| Product Version | 1.1 | Product Build | 0.17.1 | ||||||
| Target Version | 1.1.5 | Fixed in Version | 1.1.5 | ||||||
| Summary | 0000066: SPAM in userrights after creating new user | ||||||||
| Description | Creating a new user creates some appearantly superfluous "none" entries in userrights. Could this behaviour be removed please. | ||||||||
| Additional Information | 0000054 is CONFIRM FIXED | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files |
| ||||||||
 Relationships |
 Notes |
|
|
aj (manager) 2006-07-25 14:34 |
Security Considerations: Entries of "none" in userrights yield proper rights in PHP modules actually referring to the database to determine the user's rights, thus "none" entries do not pose a security risk in theirselves, but are merely a nusiance. However, since access control is primarily determined by Apache's htdigest list, the entry of "none" could lead to misunderstandings of access restrictions in some cases. Additional Information: This issue only occurs for newly created users. The modification appears to work correctly AFAICT. |
| Notes |